Linux Distros Unpatched Vulnerability : CVE-2016-10729

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The runtar setuid root binary does not...

RHEL 6 : amanda (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - amanda: Privilege escalation in runtar via --rsh-command option CVE-2016-10729 Note that Nessus has not tested for...

Amazon Linux 2 : amanda (ALAS-2023-2218)

The version of amanda installed on the remote host is prior to 3.3.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2218 advisory. An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The...

Amazon Linux AMI : amanda (ALAS-2023-1808)

The version of amanda installed on the remote host is prior to 2.6.1p2-8.14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1808 advisory. An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation...

Medium: amanda

Issue Overview: An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injecti...

SUSE: Security Advisory (SUSE-SU-2018:4121-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES11 Security Update : amanda (SUSE-SU-2018:4121-1)

This update for amanda fixes the following issues : Security issue fixed : CVE-2016-10729: Fixed a local privilege escalation from amanda to root via unsafe tar command options bsc1112916. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

openSUSE Security Update : amanda (openSUSE-2018-1421)

This update for amanda fixes the following security issue : - CVE-2016-10729: Local privilege escalation from amanda user to root via unsafe tar command options bsc1112916 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...

openSUSE: Security Advisory for amanda (openSUSE-SU-2018:3804-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2016-10729

creationtimestamp| type| source ---|---|--- 2018-10-25 00:21:16+00:00| seen| https://t.me/cibsecurity/841...

CVE-2016-10729

CVE-2016-10729 concerns Amanda 3.3.1 where the runtar setuid root binary does not validate extra arguments after --create, enabling a local attacker with backup privileges to perform command injection as root. The vulnerability is a local privilege escalation with potential full compromise of a c...